Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-27994 — WordPress Tediss theme <= 1.2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tediss tediss allows PHP Local File Inclusion.This issue affects Tedi…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27993 — WordPress Aldo theme <= 1.0.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aldo aldo allows PHP Local File Inclusion.This issue affects Aldo: fr…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27992 — WordPress Meals & Wheels theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Meals & Wheels meals-wheels allows PHP Local File Inclusion.This issu…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27991 — WordPress Avventure theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Avventure avventure allows PHP Local File Inclusion.This issue affect…

Remote | Injection
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27990 — WordPress ConFix theme <= 1.013 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows PHP Local File Inclusion.This issue affects ConF…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27989 — WordPress Quanzo theme <= 1.0.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quan…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27988 — WordPress Equadio theme <= 1.1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Equadio equadio allows PHP Local File Inclusion.This issue affects Eq…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27987 — WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affect…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27986 — WordPress OsTende theme <= 1.4.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects Os…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-27985 — WordPress Humanum theme <= 1.1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Hu…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
9.0 CRITICAL
CVE-2026-27984 — WordPress Widget Options plugin <= 4.1.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through <= 4.…

Remote | Injection
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
9.8 CRITICAL
CVE-2026-27983 — WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4.

Remote | Authorization
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
5.1 MEDIUM
CVE-2026-27982 — Django-Allauth Open Redirect Vulnerability

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to …

| Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-27541 — WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.6.

wholesale_suite | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2026-27439 — WordPress Dentario theme <= 1.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5.

Remote | Injection
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27438 — WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7.

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2026-27437 — WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3.

Remote | Injection
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27428 — WordPress Eagle Booking plugin <= 1.3.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection.This issue affects Eagle Booking: f…

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2026-27417 — WordPress Sweet Date theme < 4.0.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1.

Remote | Injection
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27411 — WordPress SiteGuard WP Plugin plugin <= 1.7.9 - Captcha Bypass vulnerability

Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9.

| Authentication
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 5132 Results